Comments

'Just Let Me Code!'

Trillan I laughed my way through this article (372 comments)

I laughed my way through this article. The best part was when he said he wasn't the only one, and linked to someone with legitimate concerns.

Don't want to use a bug tracker? That's fine. Use a TODO file in your directory if you need to put something aside.

Don't want to use VCS? That's REALLY stupid. Hook a clapper to a backup trigger. "I'm about to do something dangerous! (clap clap!)"

Why really stupid? Because you can argue git is too complicated, that it lets you do too many things, etc, etc. Great! You might be right. But if you're a beginner, you can get away with:

The long, laborious setup:
git init

Saving changes:
git add --all .
git commit -m "This is what I did."

Undoing changes before saving them:
git reset --hard
git clean -fd

Hell, use a GUI. There's decent ones out there. But use something simple. Start HERE. This gives you an annotated history of what you changed and why. Do NOT argue that's some ridiculous process, because it will probably save you a significant amount of time within your first day.

Yes, you can set up a remote repository. Yes you can push, branch, merge, whatever the hell you want. But if it's just you, you're damn right that's too much process. So don't do it!

about 2 months ago

FCC Approves Plan To Spend $5B Over Next Five Years On School Wi-Fi

Trillan Re:How about 5BN... (54 comments)

Attendance and evaluation are done directly into the SIS in most cases now. The biggest systems are web only, in fact. Many schools are tracking attendance by the minute to maximize their funding. Data is available to principals via their browser (or pushed in some cases) so they're aware of what's going on in their schools. Tracking of performance can be done across skills now, giving a much better picture of what the student needs help in rather than just "C-."

I'll admit I don't work on the lesson plans much, though I'm certainly aware a lot is going on.

This isn't 1952. Technology can help.

about 2 months ago

FCC Approves Plan To Spend $5B Over Next Five Years On School Wi-Fi

Trillan How about 5BN... (54 comments)

Facebook can be pretty easily blocked at the router level. On the other hand, there's a variety of lesson plans and administrative tools used in education that can benefit from better connectivity.

about 2 months ago

Ninety-Nine Percent of the Ocean's Plastic Is Missing

Trillan Re:One non-disturbing theory (304 comments)

If water is that good at dissolving plastic we're all in a lot of trouble. As for a new, plastic-eating bacteria? That's nothing to be concerned about at all!

Seriously, fish eating it is terrible. But it is probably the least bad alternative, unless we're going to include "space aliens carefully harvesting it, while leaving sea life alone" on the list of theories.

Hippie doesn't usually extend to "caring at all."

about 3 months ago

Weak Apple PRNG Threatens iOS Exploit Mitigations

Trillan Re:Not responsible disclosed (143 comments)

I've reported three security issues. Two of them were fixed in the next release — the third was fixed in the next release after that (but I reported it two days before the next release).

So I have to call bullshit. Report security issues through channels, they'll get fixed. Post them to your blog or on a forum, Apple will never see them.

about 6 months ago

Weak Apple PRNG Threatens iOS Exploit Mitigations

Trillan Re:Not responsible disclosed (143 comments)

It's left implied (I think) that he didn't notify the vendor at the same time as everyone else, just that the vendor noticed the public notification.

If I'm wrong and he explicitly looped Apple in, then I'd consider that responsible (or responsible enough, at any rate).

about 6 months ago

Weak Apple PRNG Threatens iOS Exploit Mitigations

Trillan Re:Not responsible disclosed (143 comments)

That's a good point, too. Disclosing a weakness is more reasonable than a ready made exploit.

about 6 months ago

Weak Apple PRNG Threatens iOS Exploit Mitigations

Trillan Re:Not responsible disclosed (143 comments)

Thanks for your reply. I've softened on this since making that comment. I think there's a huge grey area for responsible disclosure. A week ahead of time? A day ahead of time? I'd consider these fairly grey, but whatever. But I still think not disclosing it to Apple at all and relying on them picking it up through the grapevine is pretty irresponsible.

I've reported three security issues to Apple. While the issues I reported were relatively minor (one was a design flaw in Time Machine, the other a buffer overrun in one of the image decoders; I don't even remember which, and the final one in the DMG handling), I wasn't at all happy with how Apple handled them. I received no email until a couple weeks later when they asked me how I'd like credit. They got patched in the next version of the OS, but in both cases I was left with several weeks of wondering if they'd even read my bug report. The design flaw was easy for the user to work around (you just had to make sure to remove insecure apps from your Time Machine backup), so I mentioned the workaround a few days after reporting it.

But I can't imagine not at least telling Apple. In fact, one of the bugs I reported was a longstanding bug I found documented in public. I was just the first one to report it to Apple. It got fixed two weeks after I reported it. I just think it's absurd that we accept the bystander effect when it comes to computer security.

(I originally wrote this reply having forgotten one of the issues I reported, so if there's anything left that implies only two, that's why.)

about 6 months ago

Weak Apple PRNG Threatens iOS Exploit Mitigations

Trillan Re:It was. Read on. (143 comments)

I didn't see that in the article. Can you point it out? (Seriously if this is true, I really want to know.)

about 6 months ago

Weak Apple PRNG Threatens iOS Exploit Mitigations

Trillan Re:Laugh (143 comments)

Do you have any evidence this was introduced in 7.0.6?

about 6 months ago

Weak Apple PRNG Threatens iOS Exploit Mitigations

Trillan Not responsible disclosed (143 comments)

"Mandt said he did not disclose the issue to Apple"

We really need to stop paying people — directly or indirectly — for irresponsible disclosure.

about 6 months ago

Ask Slashdot: How Can I Prepare For the Theft of My Android Phone?

Trillan Re:Pretty easy. (374 comments)

First, you can set the password to much longer than 4 characters.

Secondly, any parent can tell you that even without "wipe after 10 failed attempts" turned on, the iPhone will not allow you to enter PINs continuously. You'll start getting increasing delays fairly quickly, including delays that are quite long.

about 6 months ago

Apple Refuses To Unlock Bequeathed iPad

Trillan Re:Privacy (465 comments)

It would if full disk encryption was on and the user didn't leave their encryption key/password.

about 6 months ago

Apple Drops Snow Leopard Security Updates, Doesn't Tell Anyone

Trillan Re:Is Snow Leopard vulnerable? (241 comments)

No, CVE-2014-1266 is 10.9 and 10.9.1 only. You're right about it also applying to iOS 6, but that's what the person you're replying to already said.

about 7 months ago

Apple Fixes Dangerous SSL Authentication Flaw In iOS

Trillan Re:How about OS X? (101 comments)

There's no contradiction there. You are running a seed of 10.9.2, not 10.9.2.

I'm more curious if Apple will put out a fix BEFORE 10.9.2 ships; rumours still peg 10.9.2 a few weeks away.

about 7 months ago

Apple Fixes Dangerous SSL Authentication Flaw In iOS

Trillan Re: goto fail (101 comments)

The source is available; how does "security through obscurity" apply at all?

about 7 months ago

Apple Fixes Dangerous SSL Authentication Flaw In iOS

Trillan Re: goto fail (101 comments)

Um, sure there is. Search for SSLHashSHA1.update; it's in the second group of them.

about 7 months ago

Apple Fixes Dangerous SSL Authentication Flaw In iOS

Trillan Re:How about OS X? (101 comments)

10.7 probably isn't vulnerable, as it predates iOS 5 (which doesn't have this flaw).

If 10.8 is vulnerable, the suggested upgrade would be 10.9.3 anyway. (10.9 has the same requirements as 10.8, and is a free upgrade.)

I would like to see an article that explains which versions are vulnerable, however.

about 7 months ago

iPhone Apparently Open To Old Wi-Fi Attack

Trillan Re:HTTPS (90 comments)

This is a fascinating problem. I can see the feature being incredibly valuable, yet awful as it's currently implemented. Is there an approach to doing this safely?

about a year ago

Submissions

Trillan hasn't submitted any stories.

Journals

Construction?

Trillan Trillan writes  |  more than 7 years ago

Anyone know what effect local (very, very local) construction is likely to have on hardware? It feels like the thrumming of a ferry crossing in my office all the time.

Specifically, is there any reason at all to think turning the hardware off will help? I usually leave my PC on so I can work on it from home.

WebKit now open source, WebCore forked

Trillan Trillan writes  |  more than 9 years ago

Tried to submit this, but it was rejected: http://weblogs.mozillazine.org/hyatt/

Apple has effectively forked the parts of KHTML they use and now offer CVS, changelogs and defect tracking. Additionally, WebKit (the layer above WebCore) is now open source as well.

Blog moving

Trillan Trillan writes  |  more than 9 years ago

I've started a personal site some time ago. Over time, I find I've been updating this blog less and less, and that one more and more. So I think I'll make it official -- this journal is dead. For future blatherings, see www.objectsatrest.com. :)

So what's new?

Trillan Trillan writes  |  more than 9 years ago

This is an odd sort of subject, so let me explain a bit.

Back ten years ago, my Aunt & Uncle (and their kids) returned briefly to Vancouver on their way to Calgary. They'd spent the last year or two in Africa. (Something I'd love to do one day.) Anyway, I remember that in the airport my Aunt sat down on a car bumper casually. After thinking about it for a few seconds, I realized that car alarms had only become popular since she'd gone overseas.

So now I'm wondering... what's new since September 2004? Am I in for any kind of culture shock?

True, four months isn't a year or two. But things are not only changing faster than ever, but they seem to be changing how fast they change faster than ever...

When you can't win an argument...

Trillan Trillan writes  |  more than 9 years ago

Believing in Open Source is one thing -- I've contributed code to LGPL and GPL (PILRC) projects, and I've even started a BOOST project (MorePalmOS -- the BOOST license is similar to BSD, but without the need for credit). But somehow, believing that the license that code is distributed under should be respected makes me an enemy of rabid Open Source advocates.

I've spent over 1,000 hours on my current product. If you value my time at BC's minimum wage, that's $8,000 invested so far -- counting only raw labour. (A more fair price would include at least part of my PC's cost, the development software I had to buy specifically for this project since the Open Source tools were not adequate, and the hardware I had to purchase specifically for this project.) By the end of this project, I expect over 10,000 hours of my effort to be focused on this project. That does not include testing, graphics work or marketing.

These people would have you believe that they should be legally free to not only use my product without paying for it, but also to offer it to other users for free or even sell it to other users.

Slashdot really is a den of antisocial assholes, isn't it?

sheldonb (68034) has made you their foe.
If you'd like to, view or edit your friends and foes.

master_meio (834537) has made you their foe.
If you'd like to, view or edit your friends and foes.

sqrt(2) (786011) has made you their foe.
If you'd like to, view or edit your friends and foes.

The other side of life here

Trillan Trillan writes  |  more than 9 years ago

Of course, the other side of life here is the natural disasters, which I'll group the police force in with just for simplicity's sake...

To quote one website: In 2000 a Brussels-based research centre declared the Philippines the most disaster-prone country on earth. It named typhoons, earthquakes, volcanic eruptions, floods, garbage landslides and military action against Muslim insurgents as just some of the problems both locals and tourists have had to deal with.

My wife and I went out today -- the weather really isn't that bad here, not much worse than a Vancouver, BC, Canada storm except it doesn't stop. A lot of stores are closing early to give people time to get home early. Schools are closed. It's a "warning 2" -- a class below the one that removed the second floor of the house my wife lived in a few years ago. According to one report, there's already 400+ dead.

Where am I in relation to all of this? Well, both Winnie and Yoyong have passed to the north of me, by maybe a few hundred miles.

Edit: Oh, I forgot to mention the police force problem. Link is here.

Good evening, sir!

Trillan Trillan writes  |  more than 9 years ago

One thing I can't get used to here is how polite the employees at fast food restaurants are here in the Philippines. Not just McDonald's, where people have to smile at customers back in Canada or risk a reprimand. And it's not just a smile, either -- it's as if they're happy to have a job, and care about what they're doing.

It's something I think North Americans need to learn. No matter how lousy your job is, remember you choose to keep it. And if you face customers, don't let them see that you're not 100% happy.

Unix commands for Win32.

Trillan Trillan writes  |  more than 9 years ago

Back home in the Philippines (home being defined by where my wife is, rather than my native country, citizenship or preferred weather) and re-installing some tools on my home PC....

I found this once before, but didn't think to blog it. This time I'm going to mention it!

For those of you who get to play with a lot of platforms but don't want to rely on cygwin for basic commands, check out this SourceForge project: http://unxutils.sourceforge.net/

It implements a lot of the Unix commands on Win32. There aren't any installation instructions, but I just expanded the archive in my Program Files folder and added the path of most of the commands (C:\Program Files\UnxUtils\usr\local) to my path environment variable. You may need to do more, since that's clearly not the ideal way to install it. What isn't clear to me is what the ideal way is (although I have a feeling it's to install the usr part of the tree to the root). But this was good enough for me.

I didn't bother with the Unix-like shell, as I'm not that much of a shell junkie.

British Fiction

Trillan Trillan writes  |  more than 10 years ago

I don't know why I didn't think to post this before. Perhaps because it's strictly an opinion thing...

If you're a fan of Douglas Adams, you're probably still as depressed about his passing as I am. But you owe it to yourself to check out Terry Pratchett's Discworld as well.

The series is actually several subseries: Rincewind & The Wizards, The Witches, The Watch, Death & Susan, plus a couple independent books. Which book should you start with? Well, other than not starting with one of the first two (they're okay, but not representative), it depends what you are into. Most of the books play off a phenomenon: Moving Pictures, for instance, off of Hollywood; The Truth, for instance, is based on the media (specifically, newspapers and tabloids), Wyrd Sisters apparently appeals to MacBeth fans, but I'm still waiting for it in the mail...

If you haven't heard of Pratchett before and are looking for a recommendation, by all means ask. And if you *have* heard of him, please take a moment and tell me what your favorite book was. :)

Trillan Trillan writes  |  more than 10 years ago

I know this isn't especially insightful, but I just noticed my last journal entry was in late May. So I thought I'd post something, at least: I hate being here.

It isn't that I don't like the country, because I do. I think Canada is the best country in the world to live in. (I don't mean to offend you Americans, English or whatever. You're allowed your opinion, too!)

But I really realize now how miserable I am when I'm alone.

I've got six months of aloneness to look forward to at a minimum before my wife is allowed into the country. That's assuming, of course, that I don't go nuts long before then and go back overseas.

Official results are overdue for the latest election in the Philippines. I don't really care who wins, as long as it is someone who won't work up a hatred of Caucasians, or Americans in particular. (Not that I'm American, but anyone gullible enough to buy that Americans need to be abused on the streets probably won't stop to check. Not that my own personal safety is my only concern, but I'd be lying if I said it wasn't one at all.)

Some would call working from overseas like I'll probably do "outsourcing." It's a pretty lousy name, though, IMO. Temporary relocation? I don't know what a fair name would be...

Anyway, if I disappear again, that will be why.

The Philippines Reloaded

Trillan Trillan writes  |  more than 10 years ago

This is going to be a much shorter version of what I had here before it vanished for no particular reason...

According to many, the Philippines is a country in turmoil. Technically a democracy, they have huge problems with election violence and corruption. (Although it's worth pointing out that there are certainly countries with bigger problems in each category...)

So why is it a problem there and not here? How is it that a country largely shaped out of ruins by the US has such problems holding an honest, non-violent election? (Let's put aside the debate over possible corruption in 2000 in Florida; it might be true, it might not, but seemingly it's a fairly isolated incident.) What does the US have that the Philippines lacks? And it is not a question of the Philippine people being crazy or anything like that, because they're not. How is it that the Filipinos take elections so seriously and are so terrible at it?

I was in the Philippines this election on May 10th. (There's a whole story behind that which I'll probably get around to posting one day, but for now let's just say it was personal and had nothing to do with out-sourcing.) People died in that election; maybe not that many, but even though the fatalities were lower than, say, car accidents that day... the car accidents were accidents, and the election violence wasn't. (That said, CNN certainly sensationalized the election violence. I went to a polling station, and it was certainly calm. I went "home" and sipped ice tea while watching about the horror, the horror on CNN. But CNN spinning a news story to make it bigger isn't exactly a news story anymore.)

But I'm digressing. My question is this: What is the Philippines lacking that makes their elections so dangerous and corrupted? What particular check/balance does the US have that makes it different? Or is it something the Philippines has that the US doesn't that throws off the equilibrium so badly? Is it just a question of extremes? Is America going to see something similar one day?

I hope nobody finds this insulting. I just want to know what you think it is... one thing I'm pretty sure it's not is a fundamental difference between Filipinos and Americans. They're not a hostile people by nature.

Disclosure: I'm a Canadian, not an American. But you can replace "American" with "American or Canadian," or even "most of the Western world" in much of the above if you prefer, save for the bits about the Americans helping shape the current structure. And nobody is about to complain about that; whatever mistakes were made, they're better than what was there before.

Hey, where'd my last journal go?

Trillan Trillan writes  |  more than 10 years ago

Was it just bitrot, or are journals subject to censure/deletion? Anyone know?

Trillan Trillan writes  |  more than 10 years ago

I noticed over time that I had a few fans I didn't recognize. I went through their posts to see if our paths had crossed, and in some cases they hadn't posted in months.

I shrugged, left it alone, and ignored them for the most part. But every now and then, I went through to see what they were posting.

Today, I marked the last of them up from Neutral to Positive. I'm astounded at how quickly they realized we had like opinions and ethics.

Anyway... thank you, guys. You're making slashdot more fun to read now that I can add a bit of friend and friend-of-friend filtering!

Trillan Trillan writes  |  more than 10 years ago

Don't you just hate Software Pirates?

Over the years, I've lost uncountable dollars -- and an entire company -- to them.

Further, it's because of them that I can't play Halo on my Powerbook without lugging my CDs around with me.

We'll all win when this stops. Well, except for those of you who are so proud of your illegal copy of Photoshop. But don't worry, pirates, it's impossible for it to ever actually be stopped.

Scum.
